Google sues Chinese cybercrime network that weaponized Gemini AI to automate massive scam operation

Reviewed by Nidhi Govil

Google has filed a lawsuit against Outsider Enterprise, a China-based cybercrime operation that used the company's own Gemini AI to create fraudulent websites and send millions of scam text messages. The FBI estimates the operation stole 3.87 million credit cards and caused $1.9 billion in losses since July 2023, making it one of the largest AI-enabled phishing campaigns to date.

Google Lawsuit Targets Massive AI-Powered Scam Operation

Google has launched legal action against a Chinese cybercrime network known as Outsider Enterprise, marking the first time the tech giant has directly sued a group for weaponizing its Gemini AI in fraudulent activities [1]. The lawsuit, filed in coordination with the FBI's Operation Ghost Hook, alleges that the group operated a sophisticated phishing-as-a-service platform that enabled thousands of criminals to launch AI-powered scams at unprecedented scale [4].

Source: Hacker News

The scope of the operation is staggering. According to the FBI, Outsider Enterprise has been linked to approximately 3.87 million stolen credit cards and an estimated $1.9 billion in losses since July 2023 [4]. Google's complaint reveals that the group deployed 9,000 fraudulent websites, generated over 1 million malicious URLs, and sent 2.5 million scam text messages to Android users during a two-week period [2]. In May alone, 55,000 spam texts were flagged by Android users—more than two text spam complaints per minute [3].

How Outsider Enterprise Weaponized Google Gemini

The criminal network operated through Telegram, offering a turnkey phishing kit for $88 per week or $200 per month [4]. What made this AI-enabled cybercrime operation particularly dangerous was its accessibility—zero technical skill was required to launch attacks. The platform provided more than 290 pre-built templates impersonating banks, wireless carriers, government agencies, state DMVs, the U.S. Postal Service, and toll systems like New York's E-ZPass [4].

Source: Engadget

According to Google's legal filing, Outsider Enterprise distributed step-by-step instructions, including tutorial videos, showing customers how to use Google Gemini to generate HTML code for phishing pages [4]. The prompts were carefully crafted to appear innocuous—requesting a "gift redemption page" built with inline CSS and no JavaScript—to bypass Gemini's safety filters [4]. This allowed criminals to rapidly generate convincing replicas of legitimate websites that could steal passwords, payment card details, and two-factor authentication codes in real time [2].

The Infrastructure Behind Phishing-as-a-Service

Outsider Enterprise functioned as a comprehensive criminal ecosystem with specialized roles. Google's complaint identifies several distinct groups within the operation: developers who maintained the phishing software and website templates; data suppliers who curated target lists from public records, social media, and data breaches; a "spammer group" providing tools and infrastructure to send bulk scam text messages using smartphone banks, SIM cards, and modems; and money launderers who monetized stolen credentials [2].

The cybercriminals brazenly coordinated their efforts through open, largely uncoded discussions on Telegram channels, where they trained each other, shared strategies, and developed new phishing attacks [2]. The platform's dashboard allowed operators to track the progress of their campaigns, while the software captured victim data in real time and could request SMS codes, PINs, email codes, and app approvals on demand [4].

Over a five-month period from November 14, 2025 to April 14, 2026, Google detected more than 1.59 million URLs connected to Outsider Enterprise [2]. The operation has stolen at least 36,000 payment cards issued by financial institutions across 95 countries [2].

Law Enforcement Response and Industry Collaboration

Source: Tom's Hardware

The FBI, working alongside Google and Lumen Technologies through Operation Ghost Hook, seized several domains used by the cybercriminals, along with Shopify storefronts and accounts used to test the phishing service [2]. The operation also confiscated approximately $100,000 in USDT from Outsider payment wallets, and thousands of phishing domains registered through U.S. providers now redirect to an FBI splash page [4].

"The criminals behind the Outsider Enterprise built a business out of impersonating trusted brands to defraud hundreds of thousands of victims," said Brett Leatherman, assistant director of the FBI's Cyber Division. "Criminals increasingly use AI to make fraud like this more convincing and harder to detect. Together with partners like Google, we can disrupt criminal networks in ways no single organization could on its own" [5].

Google has collaborated with AT&T, T-Mobile, and Verizon to block malicious scam text messages before they reach users [1]. The company's AI-powered scam detection feature in Google Messages intercepts more than 10 billion scam messages monthly, which likely caught some Outsider Enterprise activity [1].

Legal Strategy and Future Implications

Google is pursuing claims under the Racketeer Influenced and Corrupt Organizations (RICO) Act and trademark infringement, though the company acknowledges that the unnamed defendants are unlikely to face extradition from China [4]. While the lawsuit may never result in courtroom proceedings, it aims to dismantle the infrastructure supporting these campaigns [5].

This marks Google's second major action against phishing platforms, following a lawsuit against the Lighthouse phishing platform in November, which was tied to more than 1 million victims across 120 countries [4]. Google is using this case to advocate for new federal legislation, including the National Strategy for Combating Scams Act, the Strategic Task Force on Scam Prevention Act, and the AI Plan Act [1]. Most of these proposals call for federal law enforcement agencies to establish task forces specifically designed to counter AI-assisted scams and market manipulation [1].

The case highlights a critical tension in AI development: the same safety measures built into systems like Gemini can clash with the need for chatbots to follow instructions and assist users, creating vulnerabilities that sophisticated criminals can exploit [1]. As AI systems advance toward more human-like capabilities, detecting malicious AI-generated content will become increasingly challenging, even with enhanced public awareness and government oversight [1].

© 2026 TheOutpost.AI All rights reserved